Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
django vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-7471
Django 1.11 prior to 1.11.28, 2.2 prior to 2.2.10, and 3.0 prior to 3.0.3 allows SQL Injection if untrusted data is used as a StringAgg delimiter (e.g., in Django applications that offer downloads of data as a series of rows with a user-specified column delimiter). By passing a s...
Djangoproject Django
11 Github repositories
7.5
CVSSv2
CVE-2019-14234
An issue exists in Django 1.11.x prior to 1.11.23, 2.1.x prior to 2.1.11, and 2.2.x prior to 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, w...
Djangoproject Django
Fedoraproject Fedora 30
Debian Debian Linux 9.0
Debian Debian Linux 10.0
2 Github repositories
7.5
CVSSv2
CVE-2019-13177
verification.py in django-rest-registration (aka Django REST Registration library) prior to 0.5.0 relies on a static string for signatures (i.e., the Django Signing API is misused), which allows remote malicious users to spoof the verification process. This occurs because incorre...
Django-rest-registration Project Django-rest-registration
7.5
CVSSv2
CVE-2017-16764
An exploitable vulnerability exists in the YAML parsing functionality in the read_yaml_file method in io_utils.py in django_make_app 0.1.3. A YAML parser can execute arbitrary Python commands resulting in command execution. An attacker can insert Python into loaded YAML to trigge...
Django Make App Project Django Make App 0.1.3
7.5
CVSSv2
CVE-2011-4103
emitters.py in Django Piston prior to 0.2.3 and 0.2.x prior to 0.2.2.1 does not properly deserialize YAML data, which allows remote malicious users to execute arbitrary Python code via vectors related to the yaml.load method.
Djangoproject Piston
7.5
CVSSv2
CVE-2011-4104
The from_yaml method in serializers.py in Django Tastypie prior to 0.9.10 does not properly deserialize YAML data, which allows remote malicious users to execute arbitrary Python code via vectors related to the yaml.load method.
Djangoproject Tastypie
7.5
CVSSv2
CVE-2011-0698
Directory traversal vulnerability in Django 1.1.x prior to 1.1.4 and 1.2.x prior to 1.2.5 on Windows might allow remote malicious users to read or execute files via a / (slash) character in a key in a session cookie, related to session replays.
Djangoproject Django 1.1.0
Djangoproject Django 1.1.2
Djangoproject Django 1.1
Djangoproject Django 1.1.3
Djangoproject Django 1.2
Djangoproject Django 1.2.1
Djangoproject Django 1.2.2
Djangoproject Django 1.2.3
Djangoproject Django 1.2.4
7.5
CVSSv2
CVE-2007-0404
bin/compile-messages.py in Django 0.95 does not quote argument strings before invoking the msgfmt program through the os.system function, which allows malicious users to execute arbitrary commands via shell metacharacters in a (1) .po or (2) .mo file.
Django Project Django 0.95
6.8
CVSSv2
CVE-2021-3994
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Django-helpdesk Project Django-helpdesk
6.8
CVSSv2
CVE-2011-4952
cobbler: Web interface lacks CSRF protection when using Django framework
Cobblerd Cobbler -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »